<?php

error_reporting(1);

/* ksqurl / api2.php */
/* api with forms post */
/* updated Feb 4 2011 by Kevan */

require_once 'includes/config.php'; // settings
require_once 'includes/gen.php'; // url generation and location
//$perma = parse_url( $_SERVER['REQUEST_URI'] );
//$_PERMA = explode( "/", $perma['path'], 3 );
//@array_shift( $_PERMA );

//if (empty($_SERVER['QUERY_STRING']))
//	{
//		$qs = '';
//	}else{
//		$qs = '?'.$_SERVER['QUERY_STRING'].'';
//	}

$url = new url();
$msg = '';
if ( isset($_GET['short']) && strlen(trim($_GET['short'])) ) {
        // escape bad characters from the users url
        $shorturl = trim(mysql_escape_string($_GET['short']));
        $string = "$shorturl";

        list($string1,$string2) = explode("$INSTALL_PATH",$string);

        $shortid = $string1.$string2;

        // return the url for given id (or -1 if the id doesnt exist)

	$q2 = 'SELECT url FROM `'.URL_TABLE.'` WHERE `id` = \''.$shortid.'\'';
        $result2 = mysql_query($q2);

        while ($row = mysql_fetch_array($result2, MYSQL_ASSOC)) {
              printf($row["url"]);
	exit();
	}
}

if (isset($_POST['u'])) { $apiurl = $_POST['u']; }
elseif (isset($_GET['url'])) {$apiurl = $_GET['url']; }

// if the form has been submitted
if ( $apiurl != "" )
{
	// escape bad characters from the users url
	$longurl = trim(mysql_escape_string($apiurl));
	// set the protocol to not ok by default
	$protocol_ok = false;
		
	// Check phishtank.com to see if this is a possible scam site
	$ptdata = phishtank($longurl);

	// if there's a list of allowed protocols, 
	// check to make sure its all cool
        if (strtolower(parse_url($apiurl,PHP_URL_HOST)) == strtolower(parse_url(INSTALL_PATH,PHP_URL_HOST)) ) {
		echo $apiurl; 
		exit(); }
		
	if ( count($allowed_protocols) )
	{
		foreach ( $allowed_protocols as $ap )
		{
			if ( strtolower(substr($longurl, 0, strlen($ap))) == strtolower($ap) )
			{
				$protocol_ok = true;
				break;
			}
		}
	}
	else // if there's no protocol list, fuck all that
	{
		$protocol_ok = true;
	}

	}
	// Build link or error message
	if (isset($_GET['app'])) {$app = $_GET['app']; } else { $app = "api"; }
		
	if ( $protocol_ok && $url->add_url($longurl, "",$app) && $ptdata['results']['in_database'] !=1 )
	{
		$id = $url->get_id($longurl);
		if ( REWRITE ) // mod_rewrite style link
		{
			$url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']).''.$id;
			$qrurl ='http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']).'qr/'.$id.'.png';

		}
		else // regular GET style link
		{
			$url = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'].'?id='.$id;
			$qrurl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'].'qr.php?getcode&id='.$id;
		}
	}
	else // something broken
	{
		$msg = '<br/><div class=error-display id=error-display style=\"display:block;\" \">Something broke. Try again?</div>';
	}

if (isset($_GET['json'])) {
	$results['url']=$url;
	$results['qrurl']=$qrurl;
	print json_encode($results);
} else { 
	echo $url; 
}

?>
